A proxy for OAuth 1.0a requests using AWS Lambdas.

OAuth 1.0a Proxy

This project serves as a proxy for OAuth 1.0a requests. We leverage Lambdas created with AWS SAM to sign requests using the specified app ID and secret. The Lambdas cover the first and third legs of OAuth 1.0a authentication as well as signing and proxying GET and POST requests.

Initial Setup

  1. Clone git repo: git clone https://github.com/sourceallies/aws-oauth-1.0-proxy.git
  2. cd to the git repository
  3. npm install

Build and Deploy

The deploy scripts are configured to read environment variables from a .env file. Thus, a .env file should be created based on .env.example. See Environment Configuration for more details about environment variables and how they are used.

We've also included example scripts for deployment via CI in deploy/bamboo. These scripts read environment variables from the CI and write them to a .env file. Then they run the general deployment scripts.

Note that the deploy script will fail if there are no AWS keys with valid IAM permissions. An example policy has been included for the Lambdas. For your CI service (in our case, Bamboo), Admin permissions must be granted for API Gateway, CloudFormation and Lambdas.

A more detailed explanation of what the deploy script is doing can be found in the wiki under Deploy Steps.

Build

./build/build.sh
  1. Installs dependencies
  2. Runs tests
  3. Webpacks the project
  4. Zips deploy files into artifact.zip

Deploy

./deploy/deploy.sh
  1. Loads environment variables from .env
  2. Assumes the IAM admin role
  3. Removes the old S3 bucket
  4. Creates a new S3 bucket
  5. Adds the zipped code to the S3 bucket
  6. Creates the lambdas

Endpoints

First Leg OAuth: POST

Path: /firstLegAuth

Get the temporary OAuth tokens needed for the second leg.

Example Request:

POST /Prod/firstLegAuth HTTP/1.1
Host: **.execute-api.us-east-1.amazonaws.com
Cache-Control: no-cache

Example Response:

{
    "requestToken": "$tempToken",
    "requestTokenSecret": "$tempSecret"
}

Third Leg OAuth: POST

Path: /thirdLegAuth

Use the temporary OAuth tokens and verifier from the second leg to get the access token and access token secret.

Example Request:

POST /Prod/thirdLegAuth HTTP/1.1
Host: **.execute-api.us-east-1.amazonaws.com
Content-Type: application/json
Cache-Control: no-cache

{
  "requestToken": "$tempToken",
  "requestTokenSecret": "$tempSecret",
  "verifier": "$verifier"
}

Example Response:

{
    "accessToken": "$accessToken",
    "accessTokenSecret": "$accessTokenSecret"
}

Sign Request: GET

Path: /oAuthSignRequest

Signs the GET request with the app ID and app secret. Provide the access token, the access token secret and the URL to proxy as query parameters.

Example Request:

GET /Prod/oAuthSignRequest?accessToken=<access_token>&accessTokenSecret=<access_token_secret>&url=<url_to_proxy> HTTP/1.1
Host: **.execute-api.us-east-1.amazonaws.com
Accept: application/json
Content-Type: application/json
Cache-Control: no-cache

The response will be the same as what you expect from the URL that is being proxied.

If there is an error connecting to the URL that is being proxied, the response status code will be 502.

Sign Request: POST

Path: /oAuthSignRequest

Signs the POST request with the app ID and app secret. Provide the access token, the access token secret and the URL to proxy in the body of the request, along with the body that you want to post to the URL that is being proxied.

Example Request:

POST /Prod/oAuthSignRequest HTTP/1.1
Host: **.execute-api.us-east-1.amazonaws.com
Accept: application/json
Content-Type: application/json
Cache-Control: no-cache

{
  "accessToken": "$accessToken",
  "accessTokenSecret": "$accessTokenSecret",
  "url": "$urlToProxy",
  "data": "$postBody"
}

The response will be the same as what you expect from the URL that is being proxied.

If there is an error connecting to the URL that is being proxied, the response status code will be 502.
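
What "signing" means for the two Sign Request endpoints above, shown as an added example that is not this project's code: an OAuth 1.0a signature computed per RFC 5849, plus a constant-time check of a received signature. It assumes the HMAC-SHA1 signature method and that the app ID and app secret play the role of the OAuth consumer key and consumer secret; the function names are hypothetical and the sample values are the public worked example from the OAuth Core 1.0 specification, not real credentials.

```javascript
const crypto = require('crypto');

// Percent-encode per RFC 5849 section 3.6 (encodeURIComponent leaves !'()* alone).
const enc = (s) => encodeURIComponent(s)
  .replace(/[!'()*]/g, (c) => `%${c.charCodeAt(0).toString(16).toUpperCase()}`);
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string: METHOD & encoded base URL & encoded, sorted parameters.
function baseString(method, url, oauthParams) {
  const u = new URL(url);
  const normalized = [...u.searchParams.entries(), ...Object.entries(oauthParams)]
    .map(([k, v]) => [enc(k), enc(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1])) // by name, then value
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
  const baseUrl = `${u.protocol}//${u.host}${u.pathname}`; // query string excluded
  return [method.toUpperCase(), enc(baseUrl), enc(normalized)].join('&');
}

// The HMAC key joins both secrets, so neither secret ever travels in the request.
function sign(method, url, oauthParams, consumerSecret, tokenSecret = '') {
  const key = `${enc(consumerSecret)}&${enc(tokenSecret)}`;
  return crypto.createHmac('sha1', key)
    .update(baseString(method, url, oauthParams))
    .digest('base64');
}

// Receiver side: recompute and compare without leaking timing information.
function verify(signature, ...signArgs) {
  const expected = Buffer.from(sign(...signArgs));
  const given = Buffer.from(String(signature));
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Sample input: the worked example from OAuth Core 1.0, Appendix A.
const SAMPLE_URL = 'http://photos.example.net/photos?file=vacation.jpg&size=original';
const SAMPLE_PARAMS = {
  oauth_consumer_key: 'dpf43f3p2l4k3l03',
  oauth_token: 'nnch734d00sl2jdk',
  oauth_signature_method: 'HMAC-SHA1',
  oauth_timestamp: '1191242096',
  oauth_nonce: 'kllo9940pd9333jh',
  oauth_version: '1.0',
};
const SAMPLE_SIG = sign('GET', SAMPLE_URL, SAMPLE_PARAMS,
  'kd94hf93k423kf44', 'pfkkdhi9sl3r4s00');
console.log(SAMPLE_SIG);
```

Because the key is built from the consumer secret and the token secret, any caller that can reach a signing endpoint can obtain valid signatures for the URLs it submits, so access to the endpoint itself needs to be restricted.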

Testing

Unit Tests

Run the Jest test runner:

npm run test

Linting

Lint the repo using ESLint:

npm run lint

Contribution

Fork the repo and create a pull request describing your contribution.

License

This project is licensed under the terms of the Apache 2.0 license or alternatively under the terms of the MIT license. You may use aws-oauth-1.0-proxy according to either of these licenses as is most appropriate for your project on a case-by-case basis.

About Source Allies

Source Allies is an IT Consultancy based in Urbandale, Iowa. Learn more here and get in touch with us here.
